diff --git a/code-scanning/anchore.yml b/code-scanning/anchore.yml index d90f68c..fcca708 100644 --- a/code-scanning/anchore.yml +++ b/code-scanning/anchore.yml @@ -20,8 +20,14 @@ on: schedule: - cron: $cron-weekly +permissions: + contents: read + jobs: Anchore-Build-Scan: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results runs-on: ubuntu-latest steps: - name: Checkout the code @@ -36,4 +42,4 @@ jobs: - name: Upload Anchore Scan Report uses: github/codeql-action/upload-sarif@v1 with: - sarif_file: results.sarif \ No newline at end of file + sarif_file: results.sarif